Forgot your password?
typodupeerror

Slashdot is powered by your submissions, so send in your scoop

Encryption

Deutsche Telecom Upgrades T-Mobile 2G Encryption In US 9

Posted by timothy
from the tell-all-your-grandparents dept.
An anonymous reader writes T-Mobile, a major wireless carrier in the U.S. and subsidiary of German Deutsche Telecom, is hardening the encryption on its 2G cellular network in the U.S., reports the Washington Post. According to Cisco, 2G cellular calls still account for 13% of calls in the US and 68% of wireless calls worldwide. T-Mobile's upgrades will bring the encryption of older and inexpensive 2G GSM phone signals in the US up to par with that of more expensive 3G and 4G handsets. Parent company Deutsche Telecom had announced a similar upgrade of its German 2G network after last year's revelations of NSA surveillance. 2G is still important not only for that 13 percent of calls, but because lots of connected devices rely on it, or will, even while the 2G clock is ticking. The "internet of things" focuses on cheap and ubiquitous, and in the U.S. that still means 2G, but lots of things that might be connected that way are ones you'd like to be encrypted.
Bug

Software Glitch Caused 911 Outage For 11 Million People 104

Posted by Soulskill
from the off-by-911-error dept.
HughPickens.com writes: Brian Fung reports at the Washington Post that earlier this year emergency services went dark for over six hours for more than 11 million people across seven states. "The outage may have gone unnoticed by some, but for the more than 6,000 people trying to reach help, April 9 may well have been the scariest time of their lives." In a 40-page report (PDF), the FCC found that an entirely preventable software error was responsible for causing 911 service to drop. "It could have been prevented. But it was not," the FCC's report reads. "The causes of this outage highlight vulnerabilities of networks as they transition from the long-familiar methods of reaching 911 to [Internet Protocol]-supported technologies."

On April 9, the software responsible for assigning the identifying code to each incoming 911 call maxed out at a pre-set limit; the counter literally stopped counting at 40 million calls. As a result, the routing system stopped accepting new calls, leading to a bottleneck and a series of cascading failures elsewhere in the 911 infrastructure. Adm. David Simpson, the FCC's chief of public safety and homeland security, says having a single backup does not provide the kind of reliability that is ideal for 911. "Miami is kind of prone to hurricanes. Had a hurricane come at the same time [as the multi-state outage], we would not have had that failover, perhaps. So I think there needs to be more [distribution of 911 capabilities]."
Windows

Windows 0-Day Exploited In Ongoing Attacks 100

Posted by Soulskill
from the gift-that-keeps-on-giving dept.
An anonymous reader writes: Microsoft is warning users about a new Windows zero-day vulnerability that is being actively exploited in the wild and is primarily a risk to users on servers and workstations that open documents with embedded OLE objects. The vulnerability is currently being exploited via PowerPoint files. These specially crafted files contain a malicious OLE (Object Linking and Embedding) object. This is not the first time a vulnerability in OLE has been exploited by cybercriminals, however most previous OLE vulnerabilities have been limited to specific older versions of the Windows operating system. What makes this vulnerability dangerous is that it affects the latest fully patched versions of Windows.
Medicine

DHS Investigates 24 Potentially Lethal IoT Medical Devices 74

Posted by Soulskill
from the but-they're-fine-with-mcdonald's-so-don't-get-your-hopes-up dept.
An anonymous reader writes: In the wake of the U.S. Food and Drug Administration's recent recommendations to strengthen security on net-connected medical devices, the Department of Homeland Security is launching an investigation into 24 cases of potential cybersecurity vulnerabilities in hospital equipment and personal medical devices. Independent security researcher Billy Rios submitted proof-of-concept evidence to the FDA indicating that it would be possible for a hacker to force infusion pumps to fatally overdose a patient. Though the complete range of devices under investigation has not been disclosed, it is reported that one of them is an "implantable heart device." William Maisel, chief scientist at the FDA's Center for Devices and Radiological Health, said, "The conventional wisdom in the past was that products only had to be protected from unintentional threats. Now they also have to be protected from intentional threats too."
Data Storage

Samsung Acknowledges and Fixes Bug On 840 EVO SSDs 99

Posted by Soulskill
from the not-presented-on-a-platter dept.
Lucas123 writes: Samsung has issued a firmware fix for a bug on its popular 840 EVO triple-level cell SSD. The bug apparently slows read performance tremendously for any data more than a month old that has not been moved around on the NAND. Samsung said in a statement that the read problems occurred on its 2.5-in 840 EVO SSDs and 840 EVO mSATA drives because of an error in the flash management software algorithm. Some users on technical blog sites, such as Overclock.net, say the problem extends beyond the EVO line. They also questioned whether the firmware upgrade was a true fix or if it just covers up the bug by moving data around the SSD.
Security

Google Adds USB Security Keys To 2-Factor Authentication Options 119

Posted by timothy
from the something-you-have dept.
An anonymous reader writes with this excerpt from VentureBeat: Google today announced it is beefing up its two-step verification feature with Security Key, a physical USB second factor that only works after verifying the login site is truly a Google website. The feature is available in Chrome: Instead of typing in a code, you can simply insert Security Key into your computer's USB port and tap it when prompted by Google's browser. "When you sign into your Google Account using Chrome and Security Key, you can be sure that the cryptographic signature cannot be phished," Google promises. While Security Key works with Google Accounts at no charge, you'll need to go out and buy a compatible USB device directly from a Universal 2nd Factor (U2F) participating vendor.
Government

Safercar.gov Overwhelmed By Recall For Deadly Airbags 119

Posted by timothy
from the give-it-to-the-healthcare.gov-folks dept.
darylb writes "The NHTSA's safercar.gov website appears to be suffering under the load of recent vehicle recalls, including the latest recall of some 4.7 million vehicles using airbags made by Takata. Searching recalls by VIN is non-responsive at present. Searching by year, make, and model hangs after selecting the year. What can sites serving an important public function do to ensure they stay running during periods of unexpected load?" More on the airbag recall from The New York Times and the Detroit Free Press.
Android

Delivering Malicious Android Apps Hidden In Image Files 112

Posted by timothy
from the best-case-never-touch-a-phone dept.
An anonymous reader writes "Researchers have found a way to deliver a malicious app to Android users by hiding it into what seems to be an encrypted image file, which is then delivered via a legitimate, seemingly innocuous wrapper app. Fortinet malware researcher Axelle Apvrille and reverse engineer Ange Albertini created a custom tool they dubbed AngeCryption, which allows them to encrypt the payload Android application package (APK) and make it look like an image (PNG, JPG) file . They also had to create another APK that carries the "booby-trapped" image file and which can decrypt it to unveil the malicious APK file and install it. A malicious app thusly encrypted is nearly invisible to reverse engineers, and possibly even to AV solutions and Google's Android Bouncer." (Here's the original paper, from researchers Axelle Apvrille and Ange Albertini.)
Encryption

Security Company Tries To Hide Flaws By Threatening Infringement Suit 117

Posted by Soulskill
from the because-that-always-ends-well dept.
An anonymous reader writes: An RFID-based access control system called IClass is used across the globe to provide physical access controls. This system relies on cryptography to secure communications between a tag and a reader. Since 2010, several academic papers have been released which expose the cryptographic insecurity of the IClass system. Based on these papers, Martin Holst Swende implemented the IClass ciphers in a software library, which he released under the GNU General Public License.

The library is useful to experiment with and determine the security level of an access control system (that you own or have explicit consent to study). However, last Friday, Swende received an email from INSIDE Secure, which notified him of (potential) intellectual property infringement, warning him off distributing the library under threat of "infringement action." Interestingly, it seems this is not the first time HID Global has exerted legal pressure to suppress information.
China

China Staging a Nationwide Attack On iCloud and Microsoft Accounts 108

Posted by Soulskill
from the secure-browsing-advised dept.
New submitter DemonOnIce writes: According to The Verge and an original report from the site that monitor's China's Great Firewall activity, China is conducting a large-scale attack on iCloud and Microsoft accounts using its government firewall software. Chinese users may be facing an unpleasant surprise as they are directed to a dummy site designed to look like an Apple login page (or a Microsoft one, as appropriate).
Software

GNU Emacs 24.4 Released Today 152

Posted by timothy
from the please-have-more-than-8-megs-of-RAM dept.
New submitter Shade writes Well over one and a half years in the works, the latest and greatest release of GNU Emacs was made officially available today. Highlights of this release include a built-in web browser, improved multi-monitor and fullscreen support, "electric" indentation enabled by default, support for saving and restoring the state of frames and windows, pixel-based resizing for frames and windows, support for digitally signed ELisp packages, support for menus in text terminals, and much more. Read the official announcement and the full list of changes for more information.
Operating Systems

More Eye Candy Coming To Windows 10 204

Posted by timothy
from the sincere-flattery dept.
jones_supa writes Microsoft is expected to release a new build of the Windows 10 Technical Preview in the very near future, according to their own words. The only build so far to be released to the public is 9841 but the next iteration will likely be in the 9860 class of releases. With this new build, Microsoft has polished up the animations that give the OS a more comprehensive feel. When you open a new window, it flies out on to the screen from the icon and when you minimize it, it collapses back in to the icon on the taskbar. It is a slick animation and if you have used OS X, it is similar to the one used to collapse windows back in to the dock. Bah.
Encryption

'Endrun' Networks: Help In Danger Zones 28

Posted by timothy
from the pinging-mr-bourne-mr-jason-bourne dept.
kierny writes Drawing on networking protocols designed to support NASA's interplanetary missions, two information security researchers have created a networking system that's designed to transmit information securely and reliably in even the worst conditions. Dubbed Endrun, and debuted at Black Hat Europe, its creators hope the delay-tolerant and disruption-tolerant system — which runs on Raspberry Pi — could be deployed everywhere from Ebola hot zones in Liberia, to war zones in Syria, to demonstrations in Ferguson.
The Almighty Buck

Developers, IT Still Racking Up (Mostly) High Salaries 191

Posted by timothy
from the money-goes-further-if-you-live-in-omaha dept.
Nerval's Lobster (2598977) writes Software development and IT remain common jobs among those in the higher brackets, although not the topmost one, according to a new study (with graph) commissioned by NPR. Among those earning between $58,000 and $72,000, IT was the sixth-most-popular job, while software developers came in tenth place. In the next bracket up (earning between $72,000 and $103,000), IT rose to third, with software development just behind in fourth place. As incomes increased another level ($103,000 to $207,000), software developers did even better, coming in second behind managers, although IT dropped off the list entirely. In the top percentile ($207,000 and above), neither software developers nor IT staff managed to place; this is a segment chiefly occupied by physicians (in first place), managers, chief executives, lawyers, and salespeople who are really good at their jobs. In other words, it seems like a good time to be in IT, provided you have a particular skillset. If those high salaries are in Silicon Valley or New York, though, they might not seem as high as half the same rate would in Omaha, or Houston, or Raleigh.
The Internet

Ask Slashdot: Good Hosting Service For a Parody Site? 113

Posted by timothy
from the just-keep-backups dept.
An anonymous reader writes "Ok, bear with me now. I know this is not PC Mag 2014 review of hosting services. I am thinking of getting a parody website up. I am mildly concerned about potential reaction of the parodee, who has been known to be a little heavy handed when it comes to things like that. In short, I want to make sure that the hosting company won't flake out just because of potential complaints. I checked some companies and their TOS and AUPs all seem to have weird-ass restrictions (Arvixe, for example, has a list of unacceptable material that happens to list RPGs and MUDS ). I live in U.S.; parodee in Poland. What would you recommend?"
Desktops (Apple)

iFixit Tears Apart Apple's Shiny New Retina iMac 106

Posted by timothy
from the good-work-if-you-can-get-it dept.
iFixit gives the new Retina iMac a score of 5 (out of 10) for repairability, and says that the new all-in-one is very little changed internally from the system (non-Retina) it succeeds. A few discoveries along the way: The new model "retains the familiar, easily accessible RAM upgrade slot from iMacs of yore"; the display panel (the one iin the machine disassmbled by iFixit at least) was manufactured by LG Display; except for that new display, "the hardware inside the iMac Intel 27" Retina 5K Display looks much the same as last year's 27" iMac." In typical iFixit style, the teardown is documented with high-resolution pictures and more technical details.
Input Devices

Apple's Next Hit Could Be a Microsoft Surface Pro Clone 250

Posted by timothy
from the they-have-the-technology dept.
theodp writes "Good artists copy, great artists steal," Steve Jobs used to say. Having launched a perfectly-timed attack against Samsung and phablets with its iPhone 6 and iPhone 6 Plus, Leonid Bershidsky suggests that the next big thing from Apple will be a tablet-laptop a la Microsoft's Surface Pro 3. "Before yesterday's Apple [iPad] event," writes Bershidsky, "rumors were strong of an upcoming giant iPad, to be called iPad Pro or iPad Plus. There were even leaked pictures of a device with a 12.9-inch screen, bigger than the Surface Pro's 12-inch one. It didn't come this time, but it will. I've been expecting a touch-screen Apple laptop for a few years now, and keep being wrong.
Android

Google Releases Android 5.0 Lollipop SDK and Nexus Preview Images 77

Posted by Soulskill
from the progressively-sillier-names dept.
An anonymous reader writes: As promised, Google today released the full Android 5.0 Lollipop SDK, along with updated developer images for Nexus 5, Nexus 7 (2013), ADT-1, and the Android emulator. The latest version of Android isn't available just yet, but the company is giving developers a head start (about two weeks), so they can test their apps on the new platform. To get the latest Android 5.0 SDK, fire up Android SDK Manager and head to the Tools section, followed by latest SDK Tools, SDK Platform-tools, and SDK Build-tools. Select everything under the Android 5.0 section, hit "Install packages...", accept the licensing agreement, and finally click Install. Google also rolled out updated resources for their Material Design guidelines.
Privacy

FBI Director Continues His Campaign Against Encryption 284

Posted by samzenpus
from the don't-lock-it-down dept.
apexcp writes Following the announcements that Apple and Google would make full disk encryption the default option on their smartphones, FBI director James Comey has made encryption a key issue of his tenure. His blitz continues today with a speech that says encryption will hurt public safety.
Security

FBI Warns Industry of Chinese Cyber Campaign 105

Posted by samzenpus
from the protect-ya-neck dept.
daten writes The FBI on Wednesday issued a private warning to industry that a group of highly skilled Chinese government hackers was in the midst of a long-running campaign to steal valuable data from U.S. companies and government agencies. "These state-sponsored hackers are exceedingly stealthy and agile by comparison with the People's Liberation Army Unit 61398 ... whose activity was publicly disclosed and attributed by security researchers in February 2013," said the FBI in its alert, which referred to a Chinese military hacker unit exposed in a widely publicized report by the security firm Mandiant.

Make headway at work. Continue to let things deteriorate at home.

Working...